From 098c1e3d1425ffdad15e6001b4fc9f2a606f3d83 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 28 Apr 2016 19:49:17 +0100
Subject: [PATCH] Fix a leak in i2b_PVK

Commit 8e588e28 fixed a leak but introduced a new one.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 crypto/pem/pvkfmt.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index e7ee6ddf9c..dc9008809b 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -806,7 +806,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
                    pem_password_cb *cb, void *u)
 {
     int outlen = 24, pklen;
-    unsigned char *p, *salt = NULL;
+    unsigned char *p = NULL, *salt = NULL;
     EVP_CIPHER_CTX *cctx = NULL;
     if (enclevel)
         outlen += PVK_SALTLEN;
@@ -828,7 +828,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
 
     cctx = EVP_CIPHER_CTX_new();
     if (cctx == NULL)
-        return -1;
+        goto error;
 
     write_ledword(&p, MS_PVKMAGIC);
     write_ledword(&p, 0);
@@ -882,6 +882,8 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
 
  error:
     EVP_CIPHER_CTX_free(cctx);
+    if (*out == NULL)
+        OPENSSL_free(p);
     return -1;
 }
 
-- 
2.25.1